Using Email to Communicate with Patients

Published on:

Email is increasingly used as an efficient communication tool in all industries, and healthcare is no exception. With the constant presence of the internet, smart mobile devices, and social media, patients are increasingly expecting to be able to communicate electronically with their medical providers. While healthcare providers were initially slower to embrace electronic communication, they are now also becoming increasingly dependent on the efficiency that electronic communication provides, both for communication between providers and with patients.

Email certainly can be a valuable and time-saving communication tool to augment face-to-face interactions, if used properly, but it may create liability problems for physicians if not approached carefully. Before you use email in your practice, and particularly before you encourage patients to communicate electronically with your office, consider some of the advantages and disadvantages:

Advantages of email:
  • Improves efficiency for patients and medical offices in routine interactions, such as scheduling appointments and processing refills of certain medications
  • Facilitates providers in answering patients’ routine medical questions
  • Easier documentation as compared with telephone calls
  • May enhance patient compliance with treatment recommendations
Disadvantages of email:
  • Concerns about security of protected health information (PHI) transmitted electronically
  • Potential use of email by patients to report urgent or dangerous medical issues
  • Health plans may not reimburse providers for email consultations

Of course, MIEC encourages our members to adopt technologies that enhance their medical practice. That being said, healthcare providers should make informed decisions when purchasing and using computer software, hardware and/or consulting services. When considering an email communication system, MIEC recommends the following:

Choose your email provider wisely to ensure security and confidentiality:

While free email services such as Yahoo, AOL, Hotmail, or Gmail work well for personal use, health care providers should avoid using them for communicating with patients or other providers. These services are password-protected only, but are not encrypted, and most of them archive the information contained in emails and access it for various reasons, including marketing. For these reasons, most free email services are not HIPAA-compliant, and they are inappropriate for secure communication of PHI.

Emails between providers and patients must be encrypted, and the email messages must be hosted on a server with a secure firewall. For email systems that do not have built-in encryption, there are “add-on” programs that can provide peer-to-peer encryption of emails. As an additional option, there are web-based email systems that offer full encryption. MIEC recommends members to research and compare email providers that advertise as being “HIPAA-compliant.” MIEC does not recommend any specific email platform, as the options change frequently; however, you should independently verify that the service offers full security, including encryption that meets current standards.

Additionally, ensure that the email vendor provides you with an executed HIPAA Business Associate (BA) Agreement. This is a defining characteristic of a “HIPAA-compliant” email provider, and it provides further assurances that your patients’ PHI will be protected. It is also a requirement under the HIPAA Privacy Rule.

Another concern about the privacy of emails, even on secure HIPAA-compliant systems, is when they are mistakenly sent to the wrong email address. In the case of an error (misspelling, typo), there is the likelihood that the email address is invalid and would be returned as “undeliverable.” However, sometimes an error results in the misdirection of an email to the wrong recipient.

To minimize the possibility that a misdirected email is read by the wrong individual, MIEC recommends that you add a disclaimer indicating, “This message is intended only for the use of the individual(s) or entity to which it is addressed, and may contain information that is privileged and confidential. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you received this communication in error, please notify the sender immediately by email.”

Consider an online patient portal as an alternative to email:

As an alternative to email, many practices are increasingly using secure online portals to communicate with patients electronically. Patient portals use a secure web interface to provide patients with a communication platform and immediate access to certain health information, such as diagnostic test results, and health maintenance reminders. Patients are often also able to schedule appointments through the portal.

Many EHR systems have a built-in patient portal, which has the advantage of integration with the electronic medical record. Other portal providers may have a limited ability to integrate with an existing EHR system.

As with choosing a secure email provider, be sure to obtain a signed BA Agreement from the patient portal provider.

Establish written office policies and procedures regarding the use of email to communicate with patients.

Recommendations for using email can be found in the updated American Medical Association Guidelines for Patient-Physician Electronic Mail and Text Messaging (also available at Having a written office policy for the use of email will ensure that providers and staff know how to use it safely.

Here are some recommended provisions for an office email policy (see example below):

  • Communicate via email only with established patients of the practice.
  • Limit the types of allowable communication using email such as scheduling appointments, requesting non-narcotic prescription refills, reporting normal test results, providing advice for non-urgent medical concerns.
  • Avoid using email to discuss highly-sensitive issues such as HIV test results, STD test results, mental health information, information or questions about sexual activity.
  • Do not use email to report abnormal test results. These should be reported by a provider in-person or by telephone, which ensures that the patient receives and understands the significance of the information, can ask questions, and is able to obtain the doctor’s follow-up advice.
  • If using paper records or a stand-alone EMR system, print and initial patients’ email messages and your responses to the medical chart.
  • Determine responsibility for checking email and responding to different categories of messages.
  • Establish a turnaround time for email messages so patients will know when to expect your response to their inquiries. How often will the incoming mailbox be checked? If your computer’s email in-box is always open (that is, your computer is always logged on to the Internet or the source of your electronic mail system), program the computer to sound a distinctive alert when new messages are received. If the computer is not continuously logged on to the email system or Internet, someone must start the program frequently to check for new messages.
  • Educate patients about the limitations of your ability to make medical evaluations and diagnoses, dispense medical advice, or prescribe new medications in response to an email inquiry.
  • Create an automatic reply to patients to acknowledge receipt of their messages (Example: “Your message has been received at the office of Dr. XX. If you have not heard from the doctor(s) within XX hours, please call, fax, or mail the office with your inquiry. Practice name, address, fax no., phone no.”)
  • If your office is closed and there is no one available to respond to email messages, be sure to enable and/or update your automatic reply to inform patients that you are unavailable. Advise patients how long you will be unavailable, and whom to contact (and how) in your absence.
  • When responding to patient emails, ask patients to confirm that they received your response.
Give patients a choice:

While it may seem as if the entire world is embracing technology, it is important to understand, and accommodate for, those who might prefer not to communicate electronically with their healthcare providers. Your office policy should give patients the choice of their preferred method of contacting the practice, and for the practice to contact them, even if that necessitates communication by telephone, in writing, or in person.

Develop a Patient Information and Email Agreement:

Once you decide how you will use email in your practice, provide patients with written information and guidelines (see example below) regarding how email should be used. This document should inform patients about the limitations of using email, expectations regarding length of messages, expected time frames for review and response and what to do if there is no response, and possible privacy risk. Importantly, patients should be informed that communicating by email may not be a safe alternative to seeing a physician, and that any urgent medical conditions should be addressed by proceeding to the ER or calling the office for consultation or an appointment. The document includes the patient’s signed authorization for you to communicate with them at a designated email address indicated on the form.


Sample Letters & Forms

[Figure 1] Information About Email Communication and Our Email Policies

[Figure 2] Email Communication Agreement